Audit record layout for OBJMAINT events
The format of the audit record for OBJMAINT events is shown in the following table.
Sample audit record:
timestamp=1998-06-24-08.42.41.957524;
category=OBJMAINT;
audit event=CREATE_OBJECT;
event correlator=3;
event status=0;
database=FOO;
userid=boss;
authid=BOSS;
application id=*LOCAL.newton.980624124210;
application name=testapp;
package schema=NULLID;
package name=SQLC28A1;
package section=0;
object schema=BOSS;
object name=AUDIT;
object type=TABLE;
NAME | FORMAT | DESCRIPTION |
---|---|---|
Timestamp | CHAR(26) | Date and time of the audit event. |
Category | CHAR(8) | Category of audit event. Possible
values are: OBJMAINT
|
Audit Event | VARCHAR(32) | Specific Audit Event. For a list of possible values, refer to the section for the OBJMAINT category in Audit events. |
Event Correlator | INTEGER | Correlation identifier for the operation being audited. Can be used to identify what audit records are associated with a single event. |
Event Status | INTEGER | Status of audit event, represented
by an SQLCODE where Successful event > = 0
Failed event < 0 |
Database Name | CHAR(8) | Name of the database for which the event was generated. Blank if this was an instance level audit event. |
User ID | VARCHAR(1024) | User ID at time of audit event. |
Authorization ID | VARCHAR(128) | Authorization ID at time of audit event. |
Origin Node Number | SMALLINT | Member number at which the audit event occurred. |
Coordinator Node Number | SMALLINT | Member number of the coordinator member. |
Application ID | VARCHAR(255) | Application ID in use at the time the audit event occurred. |
Application Name | VARCHAR(1024) | Application name in use at the time the audit event occurred. |
Package Schema | VARCHAR(128) | Schema of the package in use at the time of the audit event. |
Package Name | VARCHAR(256) | Name of package in use at the time the audit event occurred. |
Package Section Number | SMALLINT | Section number in package being used at the time the audit event occurred. |
Object Schema | VARCHAR(128) | Schema of the object for which the audit event was generated. |
Object Name | VARCHAR(128) | Name of object for which the audit event was generated. |
Object Type | VARCHAR(32) | Type of object for which the audit
event was generated. Possible values include: those shown in the
topic titled Audit record object types. |
Package Version | VARCHAR(64) | Version of the package in use at the time the audit event occurred. |
Security Policy Name | VARCHAR(128) | The name of the security policy if the object type is TABLE and that table is associated with a security policy. |
Alter Action | VARCHAR(32) | Specific Alter operation Possible values
include:
|
Protected Column Name | VARCHAR(128) | If the Alter Action is ADD_COLUMN_PROTECTION or DROP_COLUMN_PROTECTION this is the name of the affected column. |
Column Security Label | VARCHAR(128) | The security label protecting the column specified in the field Column Name. |
Security Label Column Name | VARCHAR(128) | Name of the column containing the security label protecting the row. |
Local Transaction ID | VARCHAR(10) FOR BIT DATA | The local transaction ID in use at the time the audit event occurred. This is the SQLU_TID structure that is part of the transaction logs. |
Global Transaction ID | VARCHAR(30) FOR BIT DATA | The global transaction ID in use at the time the audit event occurred. This is the data field in the SQLP_GXID structure that is part of the transaction logs. |
Client User ID | VARCHAR(255) | The value of the CURRENT CLIENT USERID special register at the time the audit event occurred. |
Client Workstation Name | VARCHAR(255) | The value of the CURRENT CLIENT_WRKSTNNAME special register at the time the audit event occurred. |
Client Application Name | VARCHAR(255) | The value of the CURRENT CLIENT_APPLNAME special register at the time the audit event occurred. |
Client Accounting String | VARCHAR(255) | The value of the CURRENT CLIENT_ACCTNG special register at the time the audit event occurred. |
Trusted Context Name | VARCHAR(255) | The name of the trusted context associated with the trusted connection. |
Connection Trust Type | CHAR(1) | Possible values are:
'' - NONE '1' - IMPLICIT_TRUSTED_CONNECTION '2' - EXPLICIT_TRUSTED_CONNECTION |
Role Inherited | VARCHAR(128) | The role inherited through a trusted connection. |
Object Module | VARCHAR(128) | Name of module to which the object belongs. |
Associated Object Name | VARCHAR(128) | Name of the object for which an association exists. The meaning of the association depends on the Object Type for the event. If the Object Type is PERMISSION or MASK, then the associated object is the table on which the permission or mask has been created. |
Associated Object Schema | VARCHAR(128) | Name of the object schema for which an association exists. The meaning of the association depends on the Object Type for the event. |
Associated Object Type | VARCHAR(128) | The type of the object for which an association exists. The meaning of the association depends on the Object Type for the event. |
Associated Subobject Type | VARCHAR(128) | The type of the subobject for which an association exists. The meaning of the association depends on the Object Type for the event. If the Object Type is MASK and the associated object type is TABLE, then the associated subobject is the column of the table on which the mask has been created. |
Associated Subobject Name | VARCHAR(128) | Name of the subobject for which an association exists. The meaning of the association depends on the Object Type for the event. |
Secured | VARCHAR(32) | Specifies if the object is a secured object. |
State | VARCHAR(32) | The state of the object. The state depends on the Object Type. Possible
values include:
|
Access Control | VARCHAR(32) | Specifies what access control the object is protected with. Possible values include:
|
Original User ID | VARCHAR(1024) | The value of the CLIENT_ORIGUSERID global variable at the time the audit event occurred. |
Tenant name | VARCHAR(128) | Tenant name in use at the time the audit event occurred. |